Scammers Insert Fake Support Numbers on Real Apple, Netflix, PayPal Pages

Cybercriminals are finding clever new ways to trick people, even on the official websites of major companies. Malwarebytes Senior Director of Research, Jérôme Segura, has identified a widespread scam where fake phone numbers for customer support are being inserted directly onto the legitimate help pages of well-known brands.
This trick has been seen affecting companies like:
- HP
- Apple
- Netflix
- PayPal
- Microsoft
- Bank of America
The scam typically starts with a sponsored advertisement on Google that sends the user to the real company website. Rather than building a look-alike site, the scammers use what Malwarebytes describes as a search parameter injection attack.
In practice, they craft a URL for the brand’s genuine site whose search query parameter contains the scam phone number. When a user clicks the poisoned sponsored result, they land on the brand’s actual support page with the attacker’s query already submitted. The address bar shows the legitimate domain, so nothing looks obviously wrong, even though the injected text is sitting in plain sight in the URL’s query string.
The scammer’s fake phone number then appears prominently within what looks like an official search result on the page itself. On Netflix, for example, the site’s search function “blindly reflects whatever users put in the search query parameter without proper sanitization or validation,” creating the weakness the scammers exploit, Malwarebytes’ Pieter Arntz explained in the report shared with Hackread.com. Note that this is content spoofing rather than script injection: the payload is ordinary text, so a page that correctly HTML-escapes the query is still vulnerable. The fix is to validate what is reflected, or not to echo the raw query at all.
Once a victim calls the fake number, the scammers pretend to be company representatives. Their goal is to get personal details, credit card information, or even gain remote access to the victim’s computer. If it’s a financial company like Bank of America or PayPal, the scammers aim to empty bank accounts.
Malwarebytes Browser Guard proved effective in catching these scams, displaying a “Search Hijacking Detected” warning and explaining that unauthorized changes have occurred. Some instances are harder to spot, however: on Apple’s support page, the fake number appears alongside a message stating that no search matches were found, urging users to call the displayed number.
To avoid falling victim, be suspicious if a phone number appears directly in the web address bar, or if search terms like “Call Now” or “Emergency Support” are visible there. Watch for runs of percent-encoded characters (such as %20, an encoded space, or %2B, an encoded plus sign) mixed with phone numbers in the URL: a long query string you did not type yourself was put there by the link you clicked. If a website shows a search result before you have typed anything, that is another warning sign, as is any urgent language such as “Account suspended”.
Moreover, before calling any support number, look up the official contact details from a trusted source, such as the company’s verified social media pages, and compare them with the number you found. If they don’t match, investigate further. Finally, if during a call you are asked for personal or banking details unrelated to your issue, or to install remote-access software, hang up immediately.
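The following is an added example, not code from Malwarebytes, HackRead or any of the brands named above. It models the reflected-search weakness described in the report (a “no results” message that echoes the query) beside a hardened version, and turns the URL warning signs listed above into a check that a browser extension or a careful user could run. The parameter name `q`, the `support.example.com` URLs and the 555 phone number are constructed for this demo and are not real sites or numbers.

```javascript
// Added example (not code from Malwarebytes, HackRead or the brands named in the
// article). Models the reflected-search weakness and the URL warning signs above.
// The parameter name "q", the example.com URLs and the 555 phone number are
// constructed assumptions, not real sites or numbers.

// Phone-like run: optional "+", then 8 or more digits with optional separators.
const PHONE_RE = /\+?\d(?:[\s().-]*\d){7,}/;
// Call-to-action / urgency phrases the scam ads rely on.
const URGENCY_RE = /\b(call now|emergency support|account suspended|toll[- ]free)\b/i;

// Read the search query the way a site's search page would. The URL API decodes
// %20 and %2B for us and treats a literal "+" as a space.
function getQuery(urlString, param = "q") {
  return new URL(urlString).searchParams.get(param) || "";
}

// VULNERABLE: reflects the query verbatim into the "no results" message, so a
// phone number placed in the URL is displayed on the brand's own page. The
// payload is plain text, so HTML-escaping alone would not prevent this.
function noResultsMessageVulnerable(urlString) {
  return `No results found for "${getQuery(urlString)}".`;
}

// HARDENED: validate before reflecting. Over-long queries, phone-like digit runs
// and urgency phrases get a generic message that never echoes the input.
function noResultsMessageHardened(urlString, maxLen = 60) {
  const q = getQuery(urlString);
  const unsafe = q.length > maxLen || PHONE_RE.test(q) || URGENCY_RE.test(q);
  return unsafe
    ? "No results found. Use the Contact menu for official support options."
    : `No results found for "${q}".`;
}

// CLIENT SIDE: the warning signs listed above, as a function a browser
// extension (or a cautious user) can run over a support-page URL. Returns the
// list of signs found; an empty list means nothing suspicious was seen.
function suspiciousUrlSigns(urlString) {
  const raw = new URL(urlString).search; // still percent-encoded
  let decoded;
  try {
    decoded = decodeURIComponent(raw.replace(/\+/g, " "));
  } catch {
    decoded = raw; // malformed %-sequence: check the raw string instead
  }
  const signs = [];
  if (PHONE_RE.test(decoded)) signs.push("phone number in query string");
  if (URGENCY_RE.test(decoded)) signs.push("urgency phrase in query string");
  const encodedCount = (raw.match(/%[0-9A-Fa-f]{2}/g) || []).length;
  if (encodedCount >= 5) signs.push(`${encodedCount} percent-encoded characters`);
  return signs;
}

// Constructed sample URLs: one ordinary search, one ad-style poisoned search.
const BENIGN_URL = "https://support.example.com/search?q=reset%20password";
const POISONED_URL =
  "https://support.example.com/search?q=Call%20Now%20%2B1%20800%20555%200199%20Emergency%20Support";

for (const url of [BENIGN_URL, POISONED_URL]) {
  console.log(url);
  console.log("  vulnerable page says:", noResultsMessageVulnerable(url));
  console.log("  hardened page says:  ", noResultsMessageHardened(url));
  console.log("  warning signs:       ", suspiciousUrlSigns(url));
}
```

Run it with `node` and compare the two pages: the vulnerable variant prints the attacker’s number and call-to-action inside the brand’s own message, while the hardened variant falls back to a generic message that points the user at the site’s official contact options. The client-side check is a heuristic, so a legitimate query such as a long numeric error code can trip the phone-number rule; that is acceptable for a warning banner, which is the same trade-off a browser extension makes.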
HackRead